
Researchers find almost EVERY computer with an Intel Skylake and above CPU can be owned via USB

https://thenextweb.com/security/2017/11/09/researchers-find-almost-every-computer-intel-skylake-cpu-can-owned-via-usb/

 

It has been discovered that it is now possible to "hack" into your Intel Skylake and above CPU via Intel's Management Engine (IME), and it's possible via USB. When they have access to the IME they can basically do anything they want, even use your encrypted storage.

Quote

The Intel Management Engine (IME) is a component of virtually every Intel CPU released after 2008. Think of it as a CPU on top of a CPU; it does tasks separate from the main operating system while the computer is in use. Intel argues that it can be used to do remote administration tasks, although the likes of the EFF have long argued that having a “black box” that can control networking and hardware, even when the computer is switched off, represents a major security and privacy risk.

Turns out they were right. Security firm Positive Technologies reports being able to execute unsigned code on computers running the IME through USB. The fully fleshed-out details of the attack are yet to be known, but from what we know, it’s bad.

 

Essentially, the IME is linked to JTAG (Joint Test Action Group) debugging ports. USB ports also use JTAG. For this attack, Positive Technologies figured out how to bridge the gap, although, as previously mentioned, they haven’t gone into specifics of how. Yikes.

Fortunately, this particular attack vector only affects Skylake and above CPUs, although, like I said, pretty much every Intel CPU released after 2008 includes the Intel Management Engine.

 

This isn’t the first time that researchers have uncovered substantial security issues in the IME. This time around, the main issue is that it’s exploitable via USB, which is a common attack vector. The Stuxnet malware, for example, which was credited with temporarily interfering with Iran’s nuclear program, was initially spread via infected USB sticks deliberately dropped on the ground.

Here, we can perceivably imagine an adversary gaining “godmode” on a computer by using the same tactic — because, let’s face it, if someone finds a flash drive on the floor, they’ll probably plug it in.

 

Frustratingly, it’s impossible to remove the Intel Management Engine entirely. It’s a physical component, baked into the heart of your computer’s CPU. It is, however, possible to switch out the IME’s firmware, essentially neutering it.

 

There is a company, Purism, that is selling laptops with the IME disabled, and they are planning to sell a smartphone as well.

Quote

Interestingly, there’s a growing niche for computers without the technology. One San Francisco company, Purism, sells laptops without IME. When reached for comment, Purism’s founder and CEO Todd Weaver, said, “The Intel ME, long theorized to be the scariest of threats, is no longer just theory. Having access to any Intel machine just above hardware and lower than all software means an attacker or criminal has complete control over everything; encrypted storage, secret keys, passwords, financial details, everything on your computer or that your computer does. All the things you hoped were safe are not.”

“Purism previously disabled the Management Engine in our laptops because we knew it was only a matter of time before this theoretical threat became reality. Purism is the only company to ship laptops with the ME disabled by default, and we invest in security enhancements on our hardware, benefiting users around the globe,” he added.

 

One good thing about this is that we will be able to "disable" it now, or go ask AMD to remove their PSP since they already have open-source GPU drivers.


5 minutes ago, VegetableStu said:

okay, what does it mean for us? (BIOS-level hardware kidnapping?) (don't plug in randos' USB sticks?)

so are we plebs screwed or what

 

(this comment rolling edits as the google spiral goes on)

To keep it simple, there are levels you can get access to. The lower the level, the more you can do and the less easy it is to detect or get access to.

The lowest level most users should get access to is 0. This hack, or whatever it is, allows access to level -3 (not 3). It's lower than the BIOS; it's some piece of microcode on the CPU itself, AFAIK.

If you want my attention, quote meh! D: or just stick an @samcool55 in your post :3

Spying on everyone to fight against terrorism is like shooting a mosquito with a cannon


Ehehehehehehehehe.... I’m still on X58, so I’m good. Am building a Skylake/Kaby Lake rig for a friend tho...

Intel HEDT and Server platform enthusiasts: Intel HEDT Xeon/i7 Megathread 

 

Main PC 

CPU: i9 7980XE @4.5GHz/1.22v/-2 AVX offset 

Cooler: EKWB Supremacy Block - custom loop w/360mm +280mm rads 

Motherboard: EVGA X299 Dark 

RAM:4x8GB HyperX Predator DDR4 @3200Mhz CL16 

GPU: Nvidia FE 2060 Super/Corsair HydroX 2070 FE block 

Storage:  1TB MP34 + 1TB 970 Evo + 500GB Atom30 + 250GB 960 Evo 

Optical Drives: LG WH14NS40 

PSU: EVGA 1600W T2 

Case & Fans: Corsair 750D Airflow - 3x Noctua iPPC NF-F12 + 4x Noctua iPPC NF-A14 PWM 

OS: Windows 11

 

Display: LG 27UK650-W (4K 60Hz IPS panel)

Mouse: EVGA X17

Keyboard: Corsair K55 RGB

 

Mobile/Work Devices: 2020 M1 MacBook Air (work computer) - iPhone 13 Pro Max - Apple Watch S3

 

Other Misc Devices: iPod Video (Gen 5.5E, 128GB SD card swap, running Rockbox), Nintendo Switch


I'm glad to still be using Broadwell and Haswell. Even though the Skylake micro architecture is two years old it still has many security flaws and is poorly optimized. No wonder why the folks on eBay are still selling Broadwell-based Xeons near full price!


Constantly reminded how great of a decision the 5820k was.

- ASUS X99 Deluxe - i7 5820k - Nvidia GTX 1080ti SLi - 4x4GB EVGA SSC 2800mhz DDR4 - Samsung SM951 500 - 2x Samsung 850 EVO 512 -

- EK Supremacy EVO CPU Block - EK FC 1080 GPU Blocks - EK XRES 100 DDC - EK Coolstream XE 360 - EK Coolstream XE 240 -


4 minutes ago, VegetableStu said:

6800K here. The article says Skylake onwards, but this being a "required feature" thing from 2008.... how safe are we? ._.

Safe from this, at least until tomorrow.


1 hour ago, Skipperio said:

pretty much every Intel CPU released after 2008 includes the Intel Management Engine.

anything before 2008 is safe since it doesn't have IME


Guess this makes 4th and 5th gen even more attractive, lol; glad I'm still on 4th gen tbh.

I spent $2500 on building my PC and all i do with it is play no games atm & watch anime at 1080p(finally) watch YT and write essays...  nothing, it just sits there collecting dust...

Builds:

The Toaster Project! Northern Bee!

 

The original LAN PC build log! (Old, dead and replaced by The Toaster Project & 5.0)

Spoiler

"Here is some advice that might have gotten lost somewhere along the way in your life. 

 

#1. Treat others as you would like to be treated.

#2. It's best to keep your mouth shut; and appear to be stupid, rather than open it and remove all doubt.

#3. There is nothing "wrong" with being wrong. Learning from a mistake can be more valuable than not making one in the first place.

 

Follow these simple rules in life, and I promise you, things magically get easier. " - MageTank 31-10-2016

 

 


2 minutes ago, Bananasplit_00 said:

Guess this makes 4th and 5th gen even more attractive, lol; glad I'm still on 4th gen tbh.

4th and 5th gen are still attractive. The prices of those older CPUs on eBay have actually gone up!


Just now, TheCherryKing said:

4th and 5th gen are still attractive. The prices of those older CPUs on eBay have actually gone up!

I honestly want to get a 5th gen chip just for the silly names, but I don't know how they perform overclocking-wise tbh. But yeah, interest for 4th gen is high because you can still use DDR3 if you are upgrading from an older platform like AM3, and DDR4 is silly expensive.


12 minutes ago, TheCherryKing said:

Does AMD have anything like Intel Management Engine?

I think Ryzen Pro may have, but you want to check that with someone better informed (it could be more than Ryzen Pro, it could be not even).


RIP me and my 3 friends who have Skylake builds.

Good luck, Have fun, Build PC, and have a last gen console for use once a year. I should answer most of the time between 9 to 3 PST

NightHawk 3.0: R7 5700x @, B550A vision D, H105, 2x32gb Oloy 3600, Sapphire RX 6700XT  Nitro+, Corsair RM750X, 500 gb 850 evo, 2tb rocket and 5tb Toshiba x300, 2x 6TB WD Black W10 all in a 750D airflow.
GF PC: (nighthawk 2.0): R7 2700x, B450m vision D, 4x8gb Geli 2933, Strix GTX970, CX650M RGB, Obsidian 350D

Skunkworks: R5 3500U, 16gb, 500gb Adata XPG 6000 lite, Vega 8. HP probook G455R G6 Ubuntu 20. LTS

Condor (MC server): 6600K, z170m plus, 16gb corsair vengeance LPX, samsung 750 evo, EVGA BR 450.

Spirt  (NAS) ASUS Z9PR-D12, 2x E5 2620V2, 8x4gb, 24 3tb HDD. F80 800gb cache, trueNAS, 2x12disk raid Z3 stripped

PSU Tier List      Motherboard Tier List     SSD Tier List     How to get PC parts cheap    HP probook 445R G6 review

 

"Stupidity is like trying to find a limit of a constant. You are never truly smart in something, just less stupid."

Camera Gear: X-S10, 16-80 F4, 60D, 24-105 F4, 50mm F1.4, Helios44-m, 2 Cos-11D lavs


And I'm all the way back here on Sandy Bridge....

 

Although since it has to run through USB does that mean I'm pretty much safe since nobody uses my USB hub but me and all my other USB ports are dead other than power delivery?

Quote or tag me( @Crunchy Dragon) if you want me to see your reply

If a post solved your problem/answered your question, please consider marking it as "solved"

Community Standards // Join Floatplane!


1 hour ago, Bananasplit_00 said:

I honestly want to get a 5th gen chip just for the silly names, but I don't know how they perform overclocking-wise tbh. But yeah, interest for 4th gen is high because you can still use DDR3 if you are upgrading from an older platform like AM3, and DDR4 is silly expensive.

In the high-end desktop and server processor lines DDR4 memory is used for 4th and 5th generation Intel Core and Xeon CPU's. 


1 hour ago, SpaceGhostC2C said:

I think Ryzen Pro may have, but you want to check that with someone better informed (it could be more than Ryzen Pro, it could be not even).

What about Epyc? 


2 hours ago, TheCherryKing said:

Does AMD have anything like Intel Management Engine?

Yes

Every AMD processor since 2013 and every Intel processor since 2006 has the PSP (for AMD) or the IME (for Intel). You can disable the IME on Intel CPUs up to 2008/2009 and then remove it, but not on newer CPUs like all the Core i series. Quote from the links below:

 

"the ME is present on all Intel desktop, mobile (laptop), and server systems since mid 2006.

Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can be disabled by setting a couple of values in the SPI flash memory. The ME firmware can then be removed entirely from the flash memory space. libreboot does this on the Intel 4 Series systems that it supports, such as the Libreboot X200 and Libreboot T400. ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include “ME Ignition” firmware that performs some hardware initialization and power management. If the ME’s boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes."

 

More info here

Intel https://libreboot.org/faq.html#intel

AMD https://libreboot.org/faq.html#amd

Computer users fall into two groups:
those that do backups
those that have never had a hard drive fail.
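The article quoted in the first post says the ME firmware can be "switched out" to neuter it, and the libreboot quote above describes disabling older ME versions by setting values in the SPI flash descriptor. As an added example (not code from the article, this thread, libreboot, or any other project named here), here is a Python script that parses an Intel flash descriptor out of an SPI dump, locates the ME region, and sets the HAP strap bit in PCHSTRP0 that tells ME 11+ (Skylake and later) to halt after hardware initialization; this is the same bit that me_cleaner's soft-disable option flips. The 64 KiB image is constructed inline so the script runs offline; the offsets follow the published descriptor layout (signature at 0x10, FLMAP0/FLMAP1 after it, region entries at FRBA, PCH straps at FPSBA), and the region sizes in the sample are made up.

```python
"""Parse an Intel SPI flash descriptor and set the ME 11+ HAP bit.

Constructed example for illustration; it is not me_cleaner and does not
strip or rewrite any ME firmware partition. Works on a byte string that
would normally come from a full external flashrom dump.
"""
import struct

DESC_SIG = 0x0FF0A55A            # flash descriptor signature (little-endian dword)
REGION_NAMES = ("Descriptor", "BIOS", "ME", "GbE", "PDR")
HAP_BIT = 1 << 16                # PCHSTRP0 bit 16: HAP on Skylake+ (ME 11+)
# Older parts (ME 6-10) use the AltMeDisable bit, PCHSTRP10 bit 7, instead.


def find_descriptor(img):
    """Offset of the descriptor signature: 0x10 on current parts, 0x0 on some old ones."""
    for off in (0x10, 0x0):
        if struct.unpack_from("<I", img, off)[0] == DESC_SIG:
            return off
    raise ValueError("no Intel flash descriptor signature found")


def parse_descriptor(img):
    """Return FRBA, FPSBA and the {name: (base, limit)} map of in-use regions."""
    sig = find_descriptor(img)
    flmap0, flmap1 = struct.unpack_from("<II", img, sig + 4)
    frba = ((flmap0 >> 16) & 0xFF) << 4     # flash region base address
    fpsba = ((flmap1 >> 16) & 0xFF) << 4    # PCH strap base address
    regions = {}
    for i, name in enumerate(REGION_NAMES):
        flreg = struct.unpack_from("<I", img, frba + 4 * i)[0]
        base = (flreg & 0x7FFF) << 12                   # 4 KiB units
        limit = (((flreg >> 16) & 0x7FFF) << 12) | 0xFFF
        if base <= limit:                               # base > limit marks an unused region
            regions[name] = (base, limit)
    return {"frba": frba, "fpsba": fpsba, "regions": regions}


def hap_is_set(img):
    fpsba = parse_descriptor(img)["fpsba"]
    pchstrp0 = struct.unpack_from("<I", img, fpsba)[0]
    return bool(pchstrp0 & HAP_BIT)


def set_hap_bit(img):
    """Return a copy of img with PCHSTRP0.HAP set and nothing else changed."""
    out = bytearray(img)
    fpsba = parse_descriptor(img)["fpsba"]
    pchstrp0 = struct.unpack_from("<I", out, fpsba)[0]
    struct.pack_into("<I", out, fpsba, pchstrp0 | HAP_BIT)
    return bytes(out)


def build_sample_image():
    """Constructed 64 KiB image with a minimal descriptor; not a real dump."""
    img = bytearray(b"\xff" * 0x10000)
    frba, fpsba = 0x40, 0x100
    struct.pack_into("<I", img, 0x10, DESC_SIG)
    flmap0 = (frba >> 4) << 16
    flmap1 = (fpsba >> 4) << 16
    struct.pack_into("<II", img, 0x14, flmap0, flmap1)
    # (base, limit) in 4 KiB units: descriptor 0x0000-0x0FFF, BIOS 0x6000-0xFFFF,
    # ME 0x1000-0x5FFF; GbE and PDR marked unused with base > limit.
    layout = [(0, 0), (6, 15), (1, 5), (0x7FFF, 0), (0x7FFF, 0)]
    for i, (base, limit) in enumerate(layout):
        struct.pack_into("<I", img, frba + 4 * i, (limit << 16) | base)
    struct.pack_into("<I", img, fpsba, 0x00000000)     # PCHSTRP0 with HAP clear
    return bytes(img)


if __name__ == "__main__":
    image = build_sample_image()
    info = parse_descriptor(image)
    for name, (base, limit) in info["regions"].items():
        print(f"{name:10s} 0x{base:06x}-0x{limit:06x}")
    print("HAP set before:", hap_is_set(image))
    patched = set_hap_bit(image)
    print("HAP set after: ", hap_is_set(patched))
```

To use this on real hardware you need a full dump of the SPI chip (the descriptor region is normally read-only from the OS, so that means an external programmer), and you write the modified image back the same way. Setting the strap only asks the ME to stop after early initialization; the boot ROM and the signed firmware are still present and still run first, which is why the article calls this "neutering" rather than removal. A wrong strap or region offset can leave the board unbootable, so keep the original dump.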


>Not immediately in danger but might be. 

 

Thanks 5820K. Hasweasel-E still got it. 

Our Grace. The Feathered One. He shows us the way. His bob is majestic and shows us the path. Follow unto his guidance and His example. He knows the one true path. Our Saviour. Our Grace. Our Father Birb has taught us with His humble heart and gentle wing the way of the bob. Let us show Him our reverence and follow in His example. The True Path of the Feathered One. ~ Dimboble-dubabob III


Possible solution: Physically neuter any and all USB ports on your motherboard that are supplied by the chipset, only using ports supplied by 3rd party controllers.


49 minutes ago, TheCherryKing said:

What about Epyc? 

EPYC has a security chip for memory encryption and secure boot, few other things too I think. The difference with that is it's used for cryptography functions and not as a control engine for the system. I also think AMD PSP has a bit less control over a system compared to Intel IME but don't take my word on that, it's been a VERY long time since I cared about AMD in that respect.


I guess this means we should all start buying Intel E5 Xeons instead lol. Those don't have AMT/IME in them at all.

 

Quote

Data center servers using Intel® Server Platform Services are not affected by this vulnerability. If you are uncertain, you should evaluate your systems to make sure they are secured against this vulnerability. 

 


This isn't going to affect 99.9% of people because it requires physical access to your machine. Getting a bit sensationalist over this aren't we? Newsflash: physical access makes every attack immensely easy.

[Out-of-date] Want to learn how to make your own custom Windows 10 image?

 

Desktop: AMD R9 3900X | ASUS ROG Strix X570-F | Radeon RX 5700 XT | EVGA GTX 1080 SC | 32GB Trident Z Neo 3600MHz | 1TB 970 EVO | 256GB 840 EVO | 960GB Corsair Force LE | EVGA G2 850W | Phanteks P400S

Laptop: Intel M-5Y10c | Intel HD Graphics | 8GB RAM | 250GB Micron SSD | Asus UX305FA

Server 01: Intel Xeon D 1541 | ASRock Rack D1541D4I-2L2T | 32GB Hynix ECC DDR4 | 4x8TB Western Digital HDDs | 32TB Raw 16TB Usable

Server 02: Intel i7 7700K | Gigabye Z170N Gaming5 | 16GB Trident Z 3200MHz
